archetecture security fix
This commit is contained in:
+25
@@ -0,0 +1,25 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.requireTenant = requireTenant;
|
||||
const prisma_1 = require("../lib/prisma");
|
||||
const authHelpers_1 = require("./authHelpers");
|
||||
/**
|
||||
* Loads the company record and validates it exists.
|
||||
* Must be applied after `requireCompanyAuth`.
|
||||
*
|
||||
* Guarantees on success:
|
||||
* req.company — full Company record
|
||||
* req.companyId — string id (already set by requireCompanyAuth)
|
||||
*/
|
||||
async function requireTenant(req, res, next) {
|
||||
if (!req.companyId) {
|
||||
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Tenant context missing — requireCompanyAuth must run first');
|
||||
}
|
||||
const company = await prisma_1.prisma.company.findUnique({ where: { id: req.companyId } });
|
||||
if (!company) {
|
||||
return (0, authHelpers_1.sendUnauthorized)(res, 'company_not_found', 'Company not found');
|
||||
}
|
||||
req.company = company;
|
||||
next();
|
||||
}
|
||||
//# sourceMappingURL=requireTenant.js.map
|
||||
Reference in New Issue
Block a user